70% of US companies paid a ransom after infection

Instructions for paying ransom from Pygry cryptographer (Jigsaw)

An attack on a ransom-demanding company is still a popular form of earnings in the hacker environment. Previously, it was decided to arrange a DDoS attack and offer services to protect against DDoS (or "independent consulting"), but it was a rather dangerous way. After all, you had to make personal contact with the victim, who probably suspected something. It’s not for nothing that a person offers his services immediately after the start of DDoS.

Now there are ways of extortion, which do not involve any personal contact. With payment for bitcoins, the risks have almost disappeared. And the most important thing is that companies obediently pay in most cases.

According to a new IBM study , 70% of companies that are victims of ransomware programs actually pay fraudsters .
')
Usually such facts are not advertised. Business owners are ashamed to admit that they did not have backup copies, or those were also encrypted. That the level of information security in the company is so weak that employees climb porn sites and social networks during working hours. In general, the recognition of a ransom payment is a receipt of non-professionalism. Therefore, most prefer to remain silent. But the IBM survey was organized on condition of anonymity, so it showed a more objective state of affairs.

The first cryptographer program was discovered in 1989 , since then they have occasionally manifested themselves, but in 2016 a giant surge in the popularity of such malware was recorded. According to IBM X-Force, the share of cryptographer files in spam applications has increased from 0.6% to almost 40% since the beginning of the year, and even reached 60% once a year.



Programs are simple. Once installed on the computer, they scan the file system and find all media with documents that match the encryption mask. Gradually, these documents are encrypted, and at the end of the process all original copies of the files are deleted.

In addition to encrypting files, the program can infect the boot sector of a disk (MBR), as Petya cryptocaster has done .

Then companies usually offer to pay a small amount (usually 1 Bitcoin) to get the key to decrypt the files. For a business, this amount is really small, and many people pay it without hesitation to continue working again.

However, lately, variants of malicious programs that are specifically aimed at legal entities that require payment of four- and five-digit sums , and in some cases even millions of dollars , have been recorded. There are cases where victims actually paid large sums.

Judging by the current trends, IBM specialists expect even greater distribution of cryptographers. In the end, every company may encounter such a threat, in which valuable data is stored locally and there is no streamlined backup process.

According to the FBI , in just three months of 2016, American companies paid to extortioners (we will not name which countries) more than $ 209 million ! At this rate, the amount of the ransom can pass for a billion dollars a year.

An IBM study revealed that the majority of potential victims of the attack still have no idea what cryptographers are. Only 31% of users have heard something about cryptographers. Unawareness of the threat, of course, on the hand of attackers.

The most interesting part of the IBM study is to examine how willing US citizens and commercial companies are to pay a ransom in order to regain access to their files. Here is another good news for the extortionists. Most Americans are willing and will pay. We will study who exactly will pay and for what information.

Medical records and personal photos are not a very profitable goal. Less than half the users are willing to pay to return them. The exception is the financial data (the effectiveness of malware distribution is 54%).

Parents value digital photographs the most (55% efficiency). For other categories of users, the value of this asset is lower (only 39% will pay).

Teenagers ( millennials ) value their digital files more highly than older people. On average, every second person is willing to pay a ransom of up to $ 100 to return various types of data.

Of course, the number of payments directly depends on the amount of the repurchase. Every second is willing to pay a small amount of up to $ 100, but not everyone will pay $ 1,000. From the point of view of the offender, it is important to find the mathematical optimum with the maximization of gross income. It may be more effective to infect one rich man than a thousand "rogue".

With commercial companies, you can collect a lot more money. The IBM survey included representatives of 600 companies with different numbers of employees, both small businesses and representatives of large companies. The survey results were slightly unexpected. It turned out that 46% of surveyed firms have already encountered cryptographers, and 70% of them actually paid the ransom.

20% paid more than $ 40,000
25% paid from $ 20,000 to 40,000
11% paid from $ 10,000 to 20,000

That is, in this case, the business model is not just theoretical, but has already been tested and confirmed.

Given this high efficiency of this type of fraud, one can expect widespread use of cryptographers in the near future, especially in rich countries. Accordingly, this should lead to an increase in the rate of Bitcoin due to increased demand for cryptocurrency. We will assume that this is a self-fulfilling prophecy .